Using QuickSight API for embeding dashboards

Hello,

I want to verify the implementation flow for embedding QuickSight dashboards within an AWS-hosted UI application. Specifically, I would like to confirm if the following approach is valid:

  1. Assign a role with the necessary permissions (quicksight:GenerateEmbedUrlForRegisteredUser, sts:AssumeRole, and quicksight:RegisterUser) to the instance where the UI application is running.
  2. Use an AssumeRole request to get temporary credentials for the user.
  3. Register the user using the RegisterUser API.
  4. Finally, generate the embed URL using the GenerateEmbedUrlForRegisteredUser API.

Is this flow correct and feasible, or are additional considerations or steps needed to properly set up embedding for QuickSight dashboards?

Thank you for your insights!

For step 2, the RegisterUser API will create a new user a QuickSight instead of getting a temporary credentials. You need to use DescribeUser API to check if the user is already there DescribeUser - Amazon QuickSight.
If not, then use RegisterUser API to create a new user in QuickSight

If a new user is created, this user will have no access on any dashboard. Therefore, you need to add this user to a group by using CreateGroupMembership

Or use UpdateGroupPermission to share dashboard with this new user

Finally, you can generate ember URL for this user.

In further dive deep into detail, you can take a look on this workflow Workshop Studio

And you can download the code from the lambda in the above workshop

1 Like